← 返回 Skills 市场
Xiaohongshu Ops
作者
lovensky1992-wk
· GitHub ↗
· v1.0.1
· MIT-0
437
总下载
1
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install xhs-ops
功能描述
小红书端到端运营:账号定位、选题研究、内容生产、发布执行、数据复盘。 Use when: (1) 用户要写小红书笔记/帖子, (2) 用户说"发小红书"/"写个种草文"/"出一篇小红书", (3) 用户讨论小红书选题/热点/爆款分析/竞品对标, (4) 用户提到账号定位/人设/内容方向规划, (5) 用户要求生成...
安全使用建议
What to check before installing / using this skill:
- Confirm where account credentials live: the SKILL.md assumes the runtime has an authenticated browser profile and access to image-generation APIs (Gemini/idealab, Seedream). Ask the publisher which tokens/keys are required, how they should be provided, and request minimal-scope credentials. Do not provide high-privilege or long-lived keys until you understand use.
- Verify the runtime tools and scripts: the instructions call <WORKSPACE>/scripts/generate-image.sh and other scripts and reference using --ref flow. Those scripts are not included in the package. Ask where they come from (platform-provided, installed separately, or part of another repo). If you must add scripts, review them first.
- Test in a sandbox account: because the skill automates posting and replies, run it against a test Xiaohongshu account (and a test Feishu workspace, if used) to confirm behavior and avoid accidental public posts or replies.
- Confirm data flows and storage: the skill writes prompts, anchors, and knowledge-base files. Decide if those files may contain sensitive data and where they are stored. If you have compliance constraints, audit what gets persisted and who can read it.
- Restrict autonomous actions initially: since autonomous invocation is allowed by default, consider disabling or requiring user confirmation for publish/reply actions until you trust the skill and have tested its behavior.
- Ask the author for a minimal dependency list: request an explicit list of env vars, API endpoints, and required binaries. The absence of declared credentials for image services and messaging endpoints is the main incoherence here.
- Validate source and maintainers: the registry metadata owner and README references point to third-party repos; confirm the publisher's identity and look for an official homepage or repo you can review. If you cannot verify the author, be cautious.
If you want, I can produce a short checklist/email you can send to the skill author asking for (1) required env vars and their scopes, (2) the scripts referenced and their contents, (3) where account logins are expected to come from, and (4) a description of what the skill will write to the workspace.
功能分析
Type: OpenClaw Skill
Name: xhs-ops
Version: 1.0.1
The xhs-ops bundle is a comprehensive toolkit for Xiaohongshu (XHS) account management, including content generation, account auditing, and automated interaction. It is classified as suspicious because it contains functional JavaScript snippets for scraping user and post data (references/xhs-eval-patterns.md) and explicitly directs the agent to execute external Python and shell scripts (style-observe.py, generate-image.sh) for style tracking and image generation that are not provided in the bundle. While these features align with the stated purpose of the skill, the combination of scraping capabilities and external script execution without providing the source code for those scripts poses a potential risk for unauthorized data collection or local code execution.
能力评估
Purpose & Capability
The name/description (end-to-end Xiaohongshu ops: ideation, writing, publishing, replies, visual generation) aligns with the SKILL.md instructions. Expected behaviors (reading persona, producing drafts, following publish SOPs, commenting rules, producing image prompts) are present and coherent. However, the instructions repeatedly assume access to external image-generation services (idealab Chat API / Gemini / Seedream / ComfyUI) and local scripts (e.g., <WORKSPACE>/scripts/generate-image.sh) but the skill metadata declares no required env vars or binaries and the bundle does not include those scripts. That omission is disproportionate: a skill that expects to call external image APIs or run helper scripts should declare those dependencies or request the corresponding credentials.
Instruction Scope
The SKILL.md gives detailed runtime instructions that include reading and writing many workspace files (persona.md, knowledge-base/, prompts/, temp/...), creating persistent knowledge-base entries, and interacting with web UI (publish flows, notifications page, comment input). It also includes JS snippets and DOM interaction patterns (document.execCommand, selectors) implying browser automation to inject replies and scrape page content. Those actions are broadly consistent with the stated purpose, but they enable: (1) automation of posting and replies (which operate on user accounts), and (2) scriptable extraction/insertion on web pages. The skill also instructs sending screenshots/attachments to Feishu as part of confirmation. The instructions do not limit or explain where credentials/logins come from, and they assume the runtime has specific scripts and API access — that gap increases risk because the agent may try to act with account-level privileges without clearly specified constraints.
Install Mechanism
This is an instruction-only skill (no install spec, no code files to execute). That lowers risk relative to skills that download and run remote code. The bundle contains many documentation files but no runtime installers or archived downloads. However, README suggests installing via a GitHub URL or clawhub; those remote install commands are external to this package and should be reviewed separately before following.
Credentials
The skill declares no required environment variables or credentials, yet the runtime instructions reference services that normally require keys (idealab Chat API / Gemini models, Seedream, nano-banana-pro, team AK mentions) and imply access to platform accounts (小红书 authoring backend, Feishu attachments). The skill does not justify where those credentials come from or request minimal scoped tokens. This mismatch — no declared env vars but obvious external API/account needs — is a significant proportionality gap that should be clarified before granting the agent any account-level access.
Persistence & Privilege
The skill writes to workspace paths (knowledge-base/, prompts/, temp/), which is expected for an ops skill that keeps internal state and templates. always:false (not force-installed) and disable-model-invocation:false (normal). Nothing in the package requests permanent platform-level privileges or changes to other skills. Still, because it automates posting and comment replies, you should verify whether the agent will be allowed to act autonomously on actual account sessions — the package assumes the runtime's browser profile holds logged-in sessions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xhs-ops - 安装完成后,直接呼叫该 Skill 的名称或使用
/xhs-ops触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Daily sync
v0.1.5
Daily sync
v0.1.4
Daily sync
v0.1.3
Daily sync
v0.1.2
Daily sync
v1.0.0
Initial release: Xiaohongshu/RED end-to-end operations - account positioning, topic research, content creation, publishing & analytics
元数据
常见问题
Xiaohongshu Ops 是什么?
小红书端到端运营:账号定位、选题研究、内容生产、发布执行、数据复盘。 Use when: (1) 用户要写小红书笔记/帖子, (2) 用户说"发小红书"/"写个种草文"/"出一篇小红书", (3) 用户讨论小红书选题/热点/爆款分析/竞品对标, (4) 用户提到账号定位/人设/内容方向规划, (5) 用户要求生成... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 437 次。
如何安装 Xiaohongshu Ops?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xhs-ops」即可一键安装,无需额外配置。
Xiaohongshu Ops 是免费的吗?
是的,Xiaohongshu Ops 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Xiaohongshu Ops 支持哪些平台?
Xiaohongshu Ops 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Xiaohongshu Ops?
由 lovensky1992-wk(@lovensky1992-wk)开发并维护,当前版本 v1.0.1。
推荐 Skills